Thanks Alan. I wanted to test your solution before replying. I've been trying it all day but couldn't get it work. Something very strange is happening . I've added, as you suggested, Auth-Type=PAP. I do that with a users-file at the end of authorization module and I set password_header={sha} in my ldaps modules ( I hope I won't be wrong ). The problem is rlm_pap: Attribute "Password" is required for authentication. I don't know why the client is not sending the password. I've been watching packets with ethereal and can't see the password although I can see username. I'm using Win XP + Secure W2. Did it ever happen to you something similar? 2006/8/4, Alan DeKok <aland@deployingradius.com>:
wekz <fbl.list@gmail.com> wrote:
The user is authorized and the password is got from
the
ldap (rlm_ldap: Adding userPassword as User-Password, value {sha}rur+4yJuecpmc8vxS/8wAyAMNHM= & op=21)
In 1.1.x, you have to configure the "ldap" module to know about the "{sha}" password header. See the "ldap" section of "modules".
And after matching the group Local in my
users-file:
auth: type Local auth: user supplied User-Password does
NOT
match local User-Password auth: Failed to validate the user.
Unfortunately, this is one of the few cases where you probably have to set Auth-Type = PAP. Note that this is ONLY a 1.1.x limitation. The CVS head, and therefore 2.0 has that fixed.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html